ZLD4.73 & ZLD5.36 patch 2 Official Version Released to address Buffer Overflow Issues
All Replies
-
Thanks and well done for coming up with a fix so quickly! I had this issue on our USG Flex 500 and I had to take a trip into the office to disconnect the WAN link and then power cycle and update to the new firmware. This seems to have resolved the issue now. Will more details be released about this DDOS attack?
0 -
We would greatly appreciate it if you could provide us with a clear explanation regarding the reasons why this issue occurred on all our firewalls, despite automatic updates being disabled. This would help us take appropriate corrective measures and prevent any future recurrence. Therefore, we kindly request that you demonstrate transparency by sharing all available information regarding this specific matter. We would like to understand if this is due to a known issue on your side, a specific configuration, or any other cause that you can identify.
Your assistance and cooperation in this matter are highly appreciated. We eagerly await your detailed response so that we can resolve this issue and maintain the security and stability of our network.
0 -
L2TP VPN user not authorized in AD over MS-CHAP v2 after this update.
Same in 5.35 / 5.36 / 5.36 P1 !!!!!!!!!!!!!!!!! Last working firmware is week 5.35.(ABAR.0)ITS-23WK06.
Need working VPN and secured ZYWALL please.
0 -
Hello, I upgraded a USG 20w-VPN to the new version 5.36 from 4.25 and I lost my configuration.
I can't find any old firmware to roll back my config file?
Do you have any?
Thanks in advance
0 -
https://support.zyxel.eu/hc/en-us/articles/360013941859-Security-Products-Firmware-Overview-and-History-Downloads-for-FLEX-ATP-USG-VPN-ZYWALL
0 -
Hello, can you provide a working link for firmware 5.10 for USG20-VPN ?
Direct upgrade to latest fails and all links through Dropbox are not working due to too many accesses. We are unable to upgrade and solve the issue since we are on 4.65 and a direct jump to latest does not work.
0 -
https://support.zyxel.eu/hc/en-us/articles/360013941859-Security-Products-Firmware-Overview-FLEX-ATP-USG-VPN-ZYWALL-
What I don't get is why many people are on old firmware and never upgraded when they could, and then this happens and they need to jump to the newest…
0 -
Hello everyone,
I read the official note you can see below.
I understand the first condition: DoS attack, so the firewall could not answer and you need to power cycle it (like some other users had to).
I need to know how to identify if remote code was executed and if the firewall integrity is still guaranteed.
Waiting for news.
________________OFFICIAL NOTE________________
Dear valued user,
We have detected severe buffer overflow vulnerabilities that could lead to operational disruptions during routine tasks. We strongly recommend users to immediately install Firmware ZLD V4.73 P2 or ZLD V5.36 P2 and thoroughly examine the security advisory to ensure maximum network security.
This crucial update mitigates the severe vulnerability that could potentially enable an unauthenticated attacker to induce denial-of-service (DoS) conditions or even execute remote code on a vulnerable device.
Related Products

| Impacted series | Impacted version | Patch availability |
| --- | --- | --- |
| ATP | ZLD V4.32 to V5.36 Patch 1 | ZLD V5.36 Patch 2 |
| USG FLEX | ZLD V4.50 to V5.36 Patch 1 | ZLD V5.36 Patch 2 |
| USG FLEX50(W)/USG20(W)-VPN | ZLD V4.25 to V5.36 Patch 1 | ZLD V5.36 Patch 2 |
| VPN | ZLD V4.30 to V5.36 Patch 1 | ZLD V5.36 Patch 2 |
| ZyWALL/USG | ZLD V4.25 to V4.73 Patch 1 | ZLD V4.73 Patch 2 |
0 -
You could use DDNS on site to site and firewall VPN services to Zywall per DDNS as source FQDN
0 -
Thank you. If you try the links on that page, they all point to Dropbox and Dropbox disabled them because of too many accesses, so it is not possible to download anything.
0